With dedicated AccountManagerPlugin permissions now you could not only
delegate AccountManager administration to users without granting themTRAC_ADMIN, but even differentiate access policy within these settings
(closes #1902 as well):

These are the changes provided by izzy and updated by dake,
just slightly modified to better fit to surrounding code.
We still need to take care for a possible dead-lock situation, when
notification is disabled, refs #3989.

This is a backwards-compatible API change. It's meant to prepare for
adding AuthStores, that need to know both, old and new password
for password change, like the proposed LdapAuthStore, refs #1600.
Unittests are added to cover the method extension as well.

The new option hash_type is available via acct_mgr config admin UI too.
Salt generation is moved from htpasswd() module into new mkhtpasswd().
An old compatibility method for Python <= 2.3 gets removed while doing
some code cleanup.
And we add a new, long missed unittest for crypt|md5|sha hash creation.

htpasswd.bak files are not deleted anymore when updating htpasswd file
in the same directory and it's ownership is preserved as well, preventing
a DoS by inaccessible user file in shared use.
Furthermore we use universal newline support, if build-in, so line endings
are always seen as '\n' by our code regardless of real formatting
(Macintosh convention '\r', Windows convention '\r\n'). However the
actual end-of-line style is probed and preserved on file updates.
Finally the file is not left open for an indeterminated amount of time
after file access, what wasn't reported but deduced by own code studies
to be a potential issue and therefor fixed as a precaution.